125 matches found
EUVD-2026-0820
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...
CVE-2025-15022 Cross-site scripting in Action caption
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...
Cross-site scripting in Action caption
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. See CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting Description In Vaadin Framework 7 and 8...
PT-2026-1225
Name of the Vulnerable Software and Affected Versions Vaadin versions 7.0.0 through 7.7.49 Vaadin versions 8.0.0 through 8.29.1 Vaadin versions 23.1.0 through 23.6.5 Vaadin versions 24.0.0 through 24.8.13 Vaadin versions 24.9.0 through 24.9.6 Description The application allows HTML in action...
CVE-2025-12691
The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...
EUVD-2020-4429
Malware in sbrugna...
EUVD-2017-14512
Malware in sbrugna...
EUVD-2025-3507
Malicious code in bioql PyPI...
EUVD-2025-31818
Malicious code in bioql PyPI...
EUVD-2025-16698
Malicious code in bioql PyPI...
CVE-2025-9075
The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...
CVE-2025-9075 ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...
CVE-2025-3662
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...
CVE-2025-3662
The CVE-2025-3662 entry concerns the WordPress FancyBox plugin (versions before 3.3.6). The root cause is that captions and titles attributes are not escaped before being used to populate galleries’ caption fields, enabling an Unauthenticated Stored XSS exploit. Affected product: FancyBox for Wor...
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...
CVE-2023-52187
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions.This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...
CVE-2025-25098
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captions: from n/a through = 1.2...
CVE-2025-25098
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captions: from n/a through = 1.2...
CVE-2025-25098
CVE-2025-25098 applies to the WordPress plugin Links in Captions (versions n/a through 1.2). The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Affects the Links in Captions component; exploitation could enable an att...
CVE-2025-25098 WordPress Links in Captions plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captions: from n/a through = 1.2...